I'd like it so that when a user clicks a "reset my password" link in email, it signs them out before rendering the password reset form if they are signed in. What happens now is it throws a flash "You are already signed in." I am hoping this is a config or a common pattern.
Thanks for any help, kevin
CodePudding user response:
It is generally a good idea to sign a user out before allowing them to reset their password. This helps to prevent any potential conflicts that could arise if the user is signed in on multiple devices or browsers.
To implement this, you would need to add a step in your password reset process that signs the user out before rendering the password reset form. This could be done by adding a call to the sign_out method (if using Devise) in the relevant controller action that handles the password reset.
Here is an example of how this could be implemented in a Rails application using Devise:
    # app/controllers/password_resets_controller.rb
    class PasswordResetsController < ApplicationController
      before_action :sign_out_user, only: [:show]

      # Other controller actions

      private

      def sign_out_user
        sign_out current_user if user_signed_in?
      end
    end
In this example, the sign_out_user method is called before the show action, which is the action that renders the password reset form. This method checks if a user is signed in and, if so, calls the sign_out method to sign them out before rendering the form.
CodePudding user response:
I came up with this solution. In my passwords controller, I added this:
    def require_no_authentication
      # this is a polymorphic override of devise controller, this is where they check
      # for if a user is already signed in, if they are editing their password then
      # sign them out before taking them to the password reset
      if params[:action] == "edit" && current_user
        sign_out(current_user)
      end
      super
    end
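
An added example, not part of either answer above and not Devise's own code: the second answer's override, extended so the sign-out happens only when the link carries a reset token that matches a pending reset, which keeps an arbitrary link to the edit page from ending a signed-in session. The `Users` namespace and the stand-in base class (defined only when Devise is not loaded, so the file runs outside Rails) are assumptions for illustration.

```ruby
# Constructed stand-in for the Devise base class so the override runs outside
# Rails; inside an application the real Devise::PasswordsController is used.
unless defined?(Devise)
  module Devise
    class PasswordsController
      attr_reader :params, :action_name, :current_user

      def initialize(action_name, params, current_user, pending)
        @action_name, @params = action_name, params
        @current_user, @pending = current_user, pending
      end

      def sign_out(_user)
        @current_user = nil
      end

      # Stand-in for User.with_reset_password_token: a record or nil.
      def resource_class
        pending = @pending
        Class.new do
          define_singleton_method(:with_reset_password_token) { |t| pending[t] }
        end
      end

      protected

      # Devise behaviour: a signed-in visitor is turned away with the flash.
      def require_no_authentication
        current_user ? :already_signed_in : :render_form
      end
    end
  end
end

module Users # hypothetical namespace for the application's override
  class PasswordsController < Devise::PasswordsController
    protected

    # Sign out only on edit, and only when the link's token matches a pending
    # reset; then let Devise's own filter run.
    def require_no_authentication
      token = params[:reset_password_token].to_s
      if action_name == "edit" && current_user && !token.empty? &&
         resource_class.with_reset_password_token(token)
        sign_out(current_user)
      end
      super
    end
  end
end
```

In an application, Devise is pointed at the subclass with `devise_for :users, controllers: { passwords: "users/passwords" }` in the routes.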